Group authentication method
First Claim
1. A group authentication method adaptable to a communication system, wherein the communication system comprises a first group, a serving network, and a home network, the first group comprises at least one mobile station, the serving network has a first database for recording a plurality of group lists and group authentication data received from the home network, the home network pre-distributes a group authentication key and a mobile station authentication key to the mobile station and itself, the home network has a second database for recording the group lists generated by the home network, and the group authentication method comprises:
performing an identification action on the mobile station through the serving network; and
determining whether the communication system performs a full authentication action or a local authentication action through the serving network according to the result of the identification action, and a mobile station authentication and key distribution step;
wherein the full authentication action comprises:
the execution of the home network authentication, the mobile station authentication, and key distribution;
wherein the local authentication action comprises:
a transient authentication key obtaining step, wherein the transient authentication key obtaining step comprises:
retrieving the group authentication data from the first database through the serving network, wherein the group authentication data contains a group transient key (GTK) generated at the home network according to the group authentication key;
wherein the group list comprises a group number, the group authentication key, a mobile station ID, an initial value, and a group related message, and the mobile station has the group number, the mobile station ID, and the initial value;
wherein the identification action comprises:
requesting an identification data from the mobile station through the serving network;
generating a first random number through the mobile station, and then generating the identification data according to the mobile station authentication key and the first random number through the mobile station; and
transmitting the identification data to the serving network from the mobile station;
wherein the mobile station has a mobile station authentication message generation function, and the method for generating the identification data comprises:
inputting the first random number and the mobile station authentication key into the mobile station authentication message generation function stored in the mobile station to calculate a first message authentication code (MAC); and
combining the group number, the mobile station ID, the first random number, and the first MAC through the mobile station to generate the identification data.
Abstract
A group authentication method adaptable to a communication system is disclosed. The communication system includes a user group, a serving network, and a home network. The user group includes at least one mobile station. The home network pre-distributes a group authentication key to itself and all the mobile stations in the same user group and generates a mobile station authentication key for each mobile station. The home network generates a group list for recording related information of the user group. The home network has a database for recording the group list. The serving network has a database for recording the group list and a group authentication data received from the home network. The group authentication method includes following steps. The serving network performs an identification action to a mobile station. The communication system performs a full authentication action or a local authentication action according to the result of the identification action.
29 Claims
15. A group authentication method adaptable to authentications between a home network, a serving network, and a user group, wherein the user group has at least one mobile station, the mobile station and the home network have a group authentication key and a mobile station authentication key, the home network has a group list, the mobile station has a mobile station ID, a group number, and an initial value, the serving network has a database for recording the group list received from the home network, and the group authentication method comprises:
generating an identification data in the mobile station, wherein the identification data comprises a first MAC and the mobile station ID;
transmitting the identification data to the serving network through the mobile station;
determining whether the mobile station ID is in the group list recorded in the database through the serving network;
if the mobile station ID is not in the group list recorded in the database:
transmitting the identification data to the home network through the serving network;
generating a second MAC in the home network according to the identification data;
comparing the first MAC and the second MAC, wherein the home network authenticates the mobile station successfully if the first MAC and the second MAC are the same;
generating a GTK in the home network by using the group authentication key;
transmitting a group authentication data and the group list to the serving network, wherein the group authentication data comprises the GTK; and
recording the group list and the group authentication data in the database of the serving network;
if the mobile station ID is found in the group list recorded in the database:
obtaining the group authentication data from the database of the serving network according to the mobile station ID;
generating a third MAC in the serving network by using the group authentication data;
transmitting a serving network authentication data to the mobile station, wherein the serving network authentication data comprises the third MAC;
generating the GTK in the mobile station by using the group authentication key recorded in the mobile station and the serving network authentication data received from the serving network;
generating a fourth MAC in the mobile station;
comparing the third MAC and the fourth MAC in the mobile station, wherein the mobile station authenticates the serving network and the home network successfully if the third MAC and the fourth MAC are the same;
calculating a master key in the serving network by using the group authentication data and the identification data received from the mobile station;
generating the master key and a fifth MAC in the mobile station by using the serving network authentication data and the GTK;
transmitting the fifth MAC to the serving network through the mobile station;
generating a sixth MAC in the serving network by using the group authentication data;
comparing the fifth MAC and the sixth MAC in the serving network, wherein the serving network authenticates the mobile station successfully if the fifth MAC and the sixth MAC are the same; and
both the serving network and the mobile station transmitting encrypted data by using the master key, so as to perform a secured communication between the serving network and the mobile station.
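The exchange of claims 1 and 15 (identification data with the first MAC, the full path through the home network that caches GTK and group list at the serving network, and the local path with the third to sixth MACs and the master key), as an added worked example that is not part of the patent and not the applicant's code. Everything the claims leave open is an assumption here: the MAC function is HMAC-SHA256 over length-prefixed fields; the GTK is HMAC(GAK, initial value, home nonce) with the nonce carried in the group authentication data and forwarded in the serving network authentication data so the station can rebuild the GTK; the serving network adds its own nonce r2; the master key is HMAC(GTK, r1, r2); the group list handed to the serving network carries member IDs and the initial value but withholds the group authentication key (claim 1 lists the key as part of the group list); the names HomeNetwork, ServingNetwork, MobileStation, run and demo and the group G1 with stations MS-A and MS-B are constructed for the example.

```python
import hmac
import secrets

def mac(key, *parts):
    # Assumption: the claims' MAC function is HMAC-SHA256 over length-prefixed fields.
    h = hmac.new(key, digestmod="sha256")
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class HomeNetwork:
    def __init__(self):
        self.groups = {}  # second database: group number -> group list

    def provision(self, group_no, ms_id):
        # Pre-distribution: one GAK and initial value per group, one authentication key per station.
        g = self.groups.setdefault(group_no, {"gak": secrets.token_bytes(32),
                                              "iv": secrets.token_bytes(16), "members": {}})
        g["members"][ms_id] = secrets.token_bytes(32)
        return {"group_no": group_no, "ms_id": ms_id, "gak": g["gak"], "iv": g["iv"],
                "ms_key": g["members"][ms_id]}

    def full_authentication(self, ident):
        # Second MAC from the per-station key; an unknown station or a mismatch is rejected.
        g = self.groups.get(ident["group_no"])
        ms_key = g["members"].get(ident["ms_id"]) if g else None
        if ms_key is None or not hmac.compare_digest(mac(ms_key, ident["r1"]), ident["mac1"]):
            return None
        n_hn = secrets.token_bytes(16)  # GTK derivation (assumed): HMAC(GAK, IV, fresh home nonce)
        gtk = mac(g["gak"], b"GTK", g["iv"], n_hn)
        # Copy of the group list for the serving network; the GAK itself is withheld (assumption).
        group_list = {"group_no": ident["group_no"], "members": set(g["members"]), "iv": g["iv"]}
        return {"n_hn": n_hn, "gtk": gtk}, group_list

class ServingNetwork:
    def __init__(self, home):
        self.home, self.db, self.sessions = home, {}, {}  # db: first database

    def identify(self, ident):
        # Identification action: cached member ID -> local path, otherwise full path via home.
        entry = self.db.get(ident["group_no"])
        if entry is None or ident["ms_id"] not in entry["list"]["members"]:
            result = self.home.full_authentication(ident)
            if result is None:
                return None
            entry = self.db[ident["group_no"]] = {"auth": result[0], "list": result[1]}
            path = "full"
        else:
            path = "local"
        gtk, r2 = entry["auth"]["gtk"], secrets.token_bytes(16)  # r2: SN nonce (assumption)
        mac3 = mac(gtk, b"SN", ident["r1"], r2)
        mk = mac(gtk, b"MK", ident["r1"], r2)  # master key from GTK and identification data
        self.sessions[ident["ms_id"]] = {"gtk": gtk, "r1": ident["r1"], "r2": r2, "mk": mk}
        return path, {"n_hn": entry["auth"]["n_hn"], "r2": r2, "mac3": mac3}

    def confirm(self, ms_id, mac5):
        # Sixth MAC recomputed from the one-shot session; constant-time compare with the fifth.
        s = self.sessions.pop(ms_id, None)
        if s is None or not hmac.compare_digest(mac(s["gtk"], b"MS", s["r2"], s["r1"]), mac5):
            return None
        return s["mk"]

class MobileStation:
    def __init__(self, cred):
        self.cred, self.r1, self.mk = cred, None, None

    def identification_data(self):
        # First MAC over a fresh random number, keyed with the station authentication key.
        self.r1 = secrets.token_bytes(16)
        return {"group_no": self.cred["group_no"], "ms_id": self.cred["ms_id"],
                "r1": self.r1, "mac1": mac(self.cred["ms_key"], self.r1)}

    def authenticate_network(self, sn_auth):
        # Rebuild GTK from GAK + SN data, check MAC3 with a fourth MAC, derive master key, send MAC5.
        gtk = mac(self.cred["gak"], b"GTK", self.cred["iv"], sn_auth["n_hn"])
        if not hmac.compare_digest(mac(gtk, b"SN", self.r1, sn_auth["r2"]), sn_auth["mac3"]):
            return None
        self.mk = mac(gtk, b"MK", self.r1, sn_auth["r2"])
        return mac(gtk, b"MS", sn_auth["r2"], self.r1)

def run(sn, ms):
    # One protocol run: (path taken, whether both sides ended with the same master key).
    ident = ms.identification_data()
    path, sn_auth = sn.identify(ident) or (None, None)
    mac5 = ms.authenticate_network(sn_auth) if sn_auth else None
    mk_sn = sn.confirm(ident["ms_id"], mac5) if mac5 else None
    return path, mk_sn is not None and hmac.compare_digest(mk_sn, ms.mk)

def demo():
    home = HomeNetwork()
    sn = ServingNetwork(home)
    alice = MobileStation(home.provision(b"G1", b"MS-A"))  # constructed group G1
    bob = MobileStation(home.provision(b"G1", b"MS-B"))
    first = run(sn, alice)   # no list for G1 at the SN yet -> full authentication at home
    second = run(sn, bob)    # G1 now cached -> local authentication, no home round trip
    impostor = MobileStation({**alice.cred, "gak": secrets.token_bytes(32)})  # claims MS-A
    third = run(sn, impostor)  # cached ID but wrong GAK -> third/fourth MAC mismatch
    return {"first": first, "second": second, "third": third}
```

`demo()` returns `("full", True)` for the first station, `("local", True)` for the second member of the same group, and `("local", False)` for a station that presents a cached ID without the group authentication key. Two points worth noticing in the run: on the local path the serving network checks only GTK-keyed MACs (the third to sixth MACs of claim 15), so what it establishes is membership of the group whose GTK it caches, while the per-station authentication key behind the first MAC is verified only by the home network on the full path; and every comparison uses a constant-time compare with sessions consumed on first use, so a replayed fifth MAC finds no session to match.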
Specification